Simple Express-based cloud password manager.
Built mostly for me to get more familiar with HTTP requests and cryptographic functions. Since I haven't bothered to make a frontend yet, it is NOT secure against attacks intercepting data sent to the server.
AES-256 is used to encrypt user data, Argon2id is used to hash the master password, and PostgreSQL is used to store the encrypted data.
Connect a PostgreSQL database to the API via a .env file with the variable DATABASE_URL.
Run using:
```
npm install
npm start
```
The API always takes arguments as JSON in the request body. It has the following endpoints:
| Endpoint | Payload needed | Explanation |
|---|---|---|
| /create_user | username, password | Creates a user |
| /delete_entry | username, password, entry_id | Deletes the user's saved entry with the specified ID |
| /get_entries | username, password | Returns all saved entries of the user |
| /create_entry | username, password, entry_username, entry_password, entry_site, entry_note | Creates an entry associated with the user |
- Create front end
- Move master password hashing and de-/encryption to front end so nothing unencrypted/unhashed goes outside the local environment
- Create admin endpoint to manage saved users
- Hook this up to an actual server so I can be free of Bitwarden
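
Added example, not code from this project: one way the second item above (moving master password handling and de-/encryption to the client) could look in Node, producing a /create_entry body that contains no plaintext. Assumptions: AES-256 is used in GCM mode, scrypt from Node's built-in crypto stands in for Argon2id, and the function names, the per-user salt and sending a derived `authKey` in the `password` field are hypothetical.

```javascript
// Added example (not project code): encrypt entries on the client so the
// server only receives ciphertext and a derived login secret.
const crypto = require('node:crypto');

// scrypt stands in for Argon2id here (assumption: only built-ins are used).
// One 64-byte output is split: encKey stays local, authKey is sent to the API.
function deriveKeys(masterPassword, salt) {
  const out = crypto.scryptSync(masterPassword, salt, 64,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
  return { encKey: out.subarray(0, 32), authKey: out.subarray(32) };
}

// AES-256-GCM (mode is an assumption). Output: base64(iv | tag | ciphertext).
// aad binds the ciphertext to a user and field so blobs cannot be swapped.
function encryptField(encKey, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', encKey, iv);
  cipher.setAAD(Buffer.from(aad, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptField(encKey, blob, aad) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) throw new Error('ciphertext too short');
  const d = crypto.createDecipheriv('aes-256-gcm', encKey, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  d.setAAD(Buffer.from(aad, 'utf8'));
  // final() throws if the key, aad, tag or ciphertext do not match
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

const ENTRY_FIELDS = ['entry_username', 'entry_password', 'entry_site', 'entry_note'];

// Builds the JSON body for /create_entry using the field names from the table.
function buildCreateEntryPayload(username, masterPassword, salt, entry) {
  const { encKey, authKey } = deriveKeys(masterPassword, salt);
  const payload = { username, password: authKey.toString('hex') };
  for (const f of ENTRY_FIELDS) {
    payload[f] = encryptField(encKey, entry[f] ?? '', `${username}:${f}`);
  }
  return payload;
}
```

Because each field is bound to `username:field` as associated data, a stored blob moved to another field or user fails authentication on decryption instead of returning wrong data.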